Cross-Site Scripting Vulnerability in WonderCMS by Adiapera
CVE-2024-32743

5.5MEDIUM

Key Information:

Vendor: WonderCMS
Status: WonderCMS
Vendor: CVE Published:; 17 April 2024

What is CVE-2024-32743?

A cross-site scripting vulnerability has been identified in WonderCMS version 3.4.3 that allows attackers to inject arbitrary scripts or HTML code. This flaw resides in the Settings section, specifically through a crafted input into the SITE LANGUAGE CONFIG parameter under the Security module. By exploiting this weakness, an attacker could potentially execute malicious scripts within the context of a user's session, posing significant security risks and compromising the integrity of the application. Organizations using this version should take immediate action to mitigate the risks associated with this vulnerability.

References

https://github.com/adiapera/xss_security_wondercms_3.4.3

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 17, 2024
Vulnerability Reserved
Apr 17, 2024

CVE-2024-32743 Data

JSON